Enabling session in lumen framework

Question

I have two (but let's image more) micro-services (API) which need to be aware of authenticated user. Ideally I would simple like to resume their sessions.

All micro-services are using same storage for sessions: redis.

All API calls will have Cookie header, so all services will be able to resume sessions based on that cookie. I have successfully implemented this via PHP $_SESSIONs.

Now the question: how would you go about implementing this with Laravel/Lumen?

Answer 1

Last update on 5th of March 2021

(This answer was getting a lot of attention from Laravel community so I thought of updating it.)

Laravel has officially stopped supporting sessions & views in laravel/lumen framework from version 5.2 and on wards.

But laravel still have a component illuminate/session which can be installed in lumen/framework and we can play around with this.

Step - 1

install illuminate/session using

composer require illuminate/session

Step - 2

Now goto bootstrap/app.php and add this middleware

$app->middleware([
    \Illuminate\Session\Middleware\StartSession::class,
]);

Purpose of adding the above middleware is to start session on every request and save session before serving response.

Step - 3

Now add config/session.php, since it is not present in Lumen by default. You can take session.php from Laravel official repo.

Step - 4

Create framework session storage directory by

mkdir -p storage/framework/sessions

Thanks to DayDream

Step - 5

In bootstrap/app.php add bindings for \Illuminate\Session\SessionManager

$app->singleton(Illuminate\Session\SessionManager::class, function () use ($app) {
    return $app->loadComponent('session', Illuminate\Session\SessionServiceProvider::class, 'session');
});

$app->singleton('session.store', function () use ($app) {
    return $app->loadComponent('session', Illuminate\Session\SessionServiceProvider::class, 'session.store');
});

Thanks to @xxRockOnxx for finding loadComponent method. It takes 3 arguments,

• first one is config file name. (file should be present in config/ directory)
• second is ServiceProvider FQN
• third is return of this method.

loadComponent just calls the $app->register and inject $app while building the ServiceProvider

How to Use

// Save Session
$router->get('/', function (\Illuminate\Http\Request $request) {

    $request->session()->put('name', 'Lumen-Session');

    return response()->json([
        'session.name' => $request->session()->get('name')
    ]);
});


// Test session
$router->get('/session', function (\Illuminate\Http\Request $request) {

    return response()->json([
        'session.name' => $request->session()->get('name'),
    ]);
});

I've also added example over github supporting from lumen framework v5.6 to all the way to current version v8.0.

https://github.com/rummykhan/lumen-session-example

Answer 2

The accepted answer is outdated.

I answered and explained a bit how to properly do it in my answer on this question

I also posted what is the problem on my question at Laracasts

To quote:

the solution that is found in the link you gave is that, first it tells you to manually register the SessionManager to prevent the unresolvable depedency parameter #0 $app then also register the existing SessionServiceProvider which also binds another instance SessionManager.

Problem with that is, some components use the other instance and other parts use the new one which causes my auth attempt session not being save despite actually being put inside.

Answer 3

I tried the solution mentioned above, however, it's also required to create a folder storage/framework/sessions if using the default settings.

Answer 4

It is important to that you also use $request->session(), otherwise it will not work.